Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Article type: Research Article
Authors: Rikhtechi, Leilaa | Rafeh, Vahida; * | Rezakhani, Afshinb
Affiliations: [a] Department of Computer Engineering, Arak University, Arak, Iran | [b] Department of Computer Engineering, Ayatollah Boroujerdi University, Boroujerd, Iran
Correspondence: [*] Corresponding author. Vahid Rafeh, Department of Computer Engineering, Arak University, Arak, Iran. Tel.: +989188510105; Email: v-rafe@araku.ac.ir.
Abstract: One of the most significant issues in information security today is monitoring users’ behavior while accessing software resources. This paper proposes a new access control model based principally on user behavior as a sequence of events regarding the processes within the software. The proposed model consists of three main components. The first component analyses system logs for events triggered by each user’s access to the system. The second component provides a policy engine to determine the risk of permitting the subsequent access requested by the user. According to the access history, the third component, which reflects the user’s behavior and the existing policies, determines the level of risk of any subsequent access of the user and acts accordingly. To generate the policies in the detection engine, a behavior-based risk management cycle is presented by applying the Ordered Weighted Averaging method to determine and rank the behavior-based risks. For modeling the behaviors, the BIZAGI Studio tool is utilized, and also for investigating all possible conditions. Kaggle and two random datasets are used to evaluate the accuracy of the proposed method. The results show an increase in the accuracy of the proposed method compared to recent research. Applying the proposed method creates more precise access control and enhances information confidentiality.
Keywords: Users’ behavior, access control, ordered weighted averaging, behavior-based risk management, software
DOI: 10.3233/JIFS-212377
Journal: Journal of Intelligent & Fuzzy Systems, vol. 43, no. 6, pp. 8207-8220, 2022
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
sales@iospress.com
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
info@iospress.nl
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office info@iospress.nl
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
china@iospress.cn
For editorial issues, like the status of your submitted paper or proposals, write to editorial@iospress.nl
如果您在出版方面需要帮助或有任何建, 件至: editorial@iospress.nl